Wiper malware variant linked to the Viasat cyberattack during the war in Ukraine raises growing concerns
News Article: New AcidPour Variant Poses Threat to Critical Infrastructure
The U.S. State Department, along with European officials, has condemned malicious cyberthreat activity attributed to Russia in February 2022, as concerns about cyber attacks targeting critical infrastructure in NATO member countries, including the U.S., have escalated.
In 2022, the White House warned about possible retaliatory cyberattacks against U.S. targets in response to economic sanctions imposed during the war. In 2023, the White House launched an effort to focus cyber resilience efforts on space, due to growing concerns about malicious attacks against satellite communications and other critical technologies.
Amid these threats, a new variant of the AcidRain wiper, named AcidPour, has been discovered. The variant poses significant risks to embedded devices and critical infrastructure because it can erase disk partitions and firmware, which can lead to permanent hardware damage and system inoperability.
AcidPour is an evolution of the AcidRain wiper family, known for targeting critical systems by deleting storage partitions and wiping data irreversibly. While explicit details on the new AcidPour variant are limited, analysis of AcidRain-related threats indicates that these wipers target firmware and low-level system storage, which are commonly found in embedded devices used in critical infrastructure such as industrial control systems and IoT devices.
The 2025 Splunk Security Content references an in-depth analysis of AcidPour as a variant of the AcidRain wiper malware, emphasizing adversary tradecraft and threats emerging in 2025. This aligns with the ongoing trend of wiper malware increasingly focusing on critical industrial and embedded device environments, where recovery is complex and damage is severe.
The AcidPour variant has capabilities beyond those of AcidRain, posing a risk to embedded devices such as IoT, networking, large storage, and industrial control systems running Linux x86 distributions. The intent of AcidPour, according to Tom Hegel, principal threat researcher, is to impact Ukrainian operations on a larger scale and continue to disrupt key infrastructure and communication abilities.
The AcidPour variant was discovered during the disruption of multiple telecom networks in Ukraine, which have been offline since March 13. Thousands of satellite broadband customers in Ukraine and tens of thousands of fixed broadband customers across Europe were disrupted by the attacks.
Corporate stakeholders are seeking to better understand the risk calculus of their technology stacks, asking the question: Are we a target? U.S. authorities have repeatedly warned about the potential for state-linked actors to use cyber attacks to disrupt key industries in the West, including energy providers, communications, military contractors, and others.
Despite the high risk, detailed public technical specifics about the new AcidPour variant remain limited as of August 2025, with much of the threat intelligence still under investigation or restricted to cybersecurity professionals monitoring emerging wiper malware trends.
- Amid escalating concerns about cyber attacks on critical infrastructure, the focus on cyber resilience has expanded to include space technology, with the White House launching an effort to strengthen protection in 2023.
- Cybersecurity has become a significant concern as state-linked actors are increasingly suspected of using cyberattacks to disrupt key industries in the West.
- The emergence of the new AcidPour variant, a destructive malware that poses risks to embedded devices and critical infrastructure, highlights the growing threats to technology such as IoT, networking, and industrial control systems.